The Institute of Technology at the University of Washington Tacoma is seeking applications for five full-time, tenure-track Associate/Assistant Professor positions for the Computer Science and Systems program and the Information Technology and Systems program. A Ph.D. or foreign equivalent in Computer Science, Information Technology, Information Systems or related field is required. Applicants should have experience in teaching and in externally-funded research. Our priority areas for research are (1) information assurance and cybersecurity – 2 positions, (2) data analytics – AI/intelligent systems, (3) CS theory/algorithms, and (4) spatial data/GIS; other areas will also be considered, especially if they are related to needs of the other Institute of Technology programs. Successful candidates will have demonstrated experience or promise for strong potential in research (as evidenced by publications). Evidence of potential to build strong relationships with partners in the technology industry and in developing collaborative research programs is highly desirable.

Applications should be submitted electronically to https://secure.interfolio.com/apply/21679 and include (1) a cover letter describing academic qualifications and experience for this position, (2) a statement of the candidate’s research program, (3) a list of publications, (4) a description of teaching philosophy, including a list of courses the candidate is qualified to teach, (5) evidence of teaching effectiveness, (6) a curriculum vitae, and (7) at least three letters of reference. Screening of applications will begin on October 15, 2013, and will continue until the positions are filled. Salary is competitive and will be commensurate with experience and qualifications.

Garbled circuits, a classical idea rooted in the work of Andrew Yao, have long been understood as a cryptographic technique, not a cryptographic goal. Here we cull out a primitive corresponding to this technique. We call it a garbling scheme. We provide a provable-security treatment for garbling schemes, endowing them with a versatile syntax and multiple security definitions. The most basic of these, privacy, suffices for two-party secure function evaluation (SFE) and private function evaluation (PFE). We next consider obliviousness and authenticity, properties needed for private and verifiable outsourcing of computation. Starting from a PRF, we give efficient schemes to achieve all security notions above, and analyze their concrete security. Our treatment of garbling schemes provides ground for more efficient garbling, more rigorous analyses, and more modularly designed higher-level protocols.

On the practical side, we provide extremely efficient garbling schemes based on fixed-key AES. We justify the security of these methods in the random-permutation model, where parties have access to a public random permutation, and build the JustGarble system to implement them. JustGarble evaluates moderate-sized garbled circuits at an amortized cost of 23.2 cycles per gate (7.25 nsec), far faster than any prior reported results.

Standard constructions of garbling schemes, including ours, provide only static security, meaning the input x is not allowed to depend on the garbled circuit F. But some application—notably one-time programs (Goldwasser, Kalai, and Rothblum 2008) and secure outsourcing (Gennaro, Gentry, Parno 2010)—need adaptive security, where x may depend on F. We identify gaps in proofs from these papers with regard to adaptive security, which signifies the absence of a good abstraction boundary. We then investigate adaptive security of garbling schemes, giving definitions encompassing privacy, authenticity, and obliviousness, wi[...]

\r\nGarbled circuits, a classical idea rooted in the work of Andrew Yao, have long been understood as a cryptographic technique, not a cryptographic goal. Here we cull out a primitive corresponding to this technique. We call it a garbling scheme. We provide a provable-security treatment for garbling schemes, endowing them with a versatile syntax and multiple security definitions. The most basic of these, privacy, suffices for two-party secure function evaluation (SFE) and private function evaluation (PFE). We next consider obliviousness and authenticity, properties needed for private and verifiable outsourcing of computation. Starting from a PRF, we give efficient schemes to achieve all security notions above, and analyze their concrete security. Our treatment of garbling schemes provides ground for more efficient garbling, more rigorous analyses, and more modularly designed higher-level protocols.\r\n

\r\nOn the practical side, we provide extremely efficient garbling schemes based on fixed-key AES. We justify the security of these methods in the random-permutation model, where parties have access to a public random permutation, and build the JustGarble system to implement them. JustGarble evaluates moderate-sized garbled circuits at an amortized cost of 23.2 cycles per gate (7.25 nsec), far faster than any prior reported results.\r\n

\r\nStandard constructions of garbling schemes, including ours, provide only static security, meaning the input x is not allowed to depend on the garbled circuit F. But some application—notably one-time programs (Goldwasser, Kalai, and Rothblum2008) and secure outsourcing (Gennaro, Gentry, Parno 2010)—need adaptive security, where x may depend on F. We identify gaps in proofs from these papers with regard to adaptive security, which signifies the absence of a good abstraction boundary. We then investigate adaptive security of garbling schemes, giving definitions encompassing privacy, authenticity, and obliviousness,[...]

It is a conference about all aspects of information-theoretic security. Its
aim is to bring together researchers from all over the world from the areas
of cryptography, information theory and quantum information. The conference
was created as a successor of the “IEEE Information Theory Workshop on
Theory and Practice in Information-Theoretic Security” on Awaji Island,
Japan, and takes place every 18 month, alternating between Asia, Europe and
North America. Previous ICITS conferences were held in Madrid (Spain),
Calgary (Canada), Shizuoka (Japan) and Amsterdam (The Netherlands).

As in previous ICITS conferences, the plenary talks were given by the
leading researchers in the field. This year, these talks were given by
Serge Fehr (CWI Amsterdam), Patrick Hayden (McGill University), Negar
Kiyavash (University of Illinois at Urbana-Champaign), Xin Li (University
of Washington), Krzysztof Pietrzak (IST Austria) and Salil Vadhan (Harvard
University).

The usual process for conferences in Computer Science is that all submitted
papers first undergo a careful reviewing process, and all papers that are
accepted are not only presented at the conference, but they also appear in
the conference’s proceedings. Previous ICITS conferences also used this
format, but it turned out not to be optimal for information theorists and
physicists. For this years ICITS, the organizers therefore decided to make
a special “workshop track,” in addition to the more standard “conference
track,” where the speakers needed to submit only a one-page abstract which
will appear in the proceedings. This new format with both a conference and
a workshop track was a big success, both in quality and quantity, and
having as additional track also increased the number of participants.

The ICITS
2013 will take place in Singapore, from November 28 to 30, 2013.

Description: Any cryptographic functionality, such as encryption or authentication, must be implemented in the real world before it can be put to practical use. This implementation typically takes the form of either a software implementation for a general-purpose device such as a personal computer, or as a dedicated secure hardware device, whose main purpose is to embody the cryptographic functionality. Examples of such secure hardware devices include smart cards, car alarm key fobs and computerized ballots. To evaluate the security of a cryptographic system, researchers look for flaws which allow an attacker to break the security assumptions of the system (for example, allowing an unauthorized party to view or modify a message intended for someone else). Physical attacks (also called implementation attacks) compromise the system by taking advantage of the physical aspects of the algorithm\'s implementation. Some physical attacks (such as, for example, power analysis) recover the secret key used by the secure device by analyzing physical effects produced during its use; Others (such as, for example, relay attacks) disable or otherwise limit its secure behaviour by exploiting design or implementation flaws or by changing the underlying assumptions made by the designers of the system. \r\n\r\nThis research focuses on physical attacks on secure hardware devices and on countermeasures which protect against these attacks. My goals were to investigate vulnerabilities in current secure hardware implementations and to evaluate the effectiveness of current and proposed countermeasures against these vulnerabilities. The two main tracks of my research are side-channel analysis (and explicitly power analysis) and secure RFID.\r\n\r\nIn the side-channel analysis track, I investigated ways of reducing the data requirements of power analysis attacks. We showed how to mount key recovery attacks on a secure device using an extremely low amount of measurement data. The main novelty of our[...]